As you may have heard, GitHub was slightly hacked this weekend: a mass-assignment hole let a hacker add their public key to any repo, which they used to get commit access to Rails. The issue? Missing attr_accessible & attr_protected in their models!

In response, a commit was made to Rails so that its generators insert attr_accessible into new models by default. The hope is that this makes it a little harder for developers to forget the method and leave their apps open.

Also in response, Yehuda Katz gave two suggestions for combating this class of bug. The first was to have form_for emit a signed token listing the fields actually present in the form, so the server can tell which parameters the form rendered. The second, a further layer, was to move attribute whitelisting out of the model and into the controllers, so you can decide which attributes are assignable based on the context.
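The bug from the first paragraph and the three fixes above (attr_accessible on the model, a controller whitelist, and a signed list of form fields), replayed with a toy model. This is an added example, not code from the episode, from Rails or from GitHub; the model, ids, secret and request params are constructed for the example.

```ruby
require "openssl"

# Toy stand-in for an ActiveRecord model with a user_id foreign key.
class PublicKey
  COLUMNS = %w[user_id title key].freeze
  attr_reader :attributes

  # The owner is set directly, as current_user.public_keys.build would do.
  def initialize(owner_id)
    @attributes = Hash[COLUMNS.map { |c| [c, nil] }]
    @attributes["user_id"] = owner_id
  end

  # Mass assignment without attr_accessible: every param naming a column is
  # written, including the foreign key that ties the key to a user.
  def assign_attributes(params)
    params.each { |k, v| @attributes[k.to_s] = v if COLUMNS.include?(k.to_s) }
    self
  end

  def owner_id
    @attributes["user_id"]
  end
end

# Stand-in for `attr_accessible :title, :key`: the whitelist lives on the model.
class ProtectedPublicKey < PublicKey
  ACCESSIBLE = %w[title key].freeze

  def assign_attributes(params)
    super(params.select { |k, _| ACCESSIBLE.include?(k.to_s) })
  end
end

# Second suggestion: the controller decides per action which keys may reach
# the model, so an admin action can permit more than a user-facing one.
def permit(params, *allowed)
  allowed = allowed.map(&:to_s)
  params.select { |k, _| allowed.include?(k.to_s) }
end

# First suggestion: form_for signs the names of the fields it rendered and
# emits them as a hidden field; the controller verifies the signature and
# permits exactly those fields. SECRET stands in for the app's secret token.
SECRET = "constructed-example-secret".freeze

def sign_fields(fields)
  names = fields.map(&:to_s).sort.join(",")
  mac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), SECRET, names)
  "#{names}|#{mac}"
end

# Constant-time comparison so the MAC check does not leak by timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the signed field names, or nil when the token is missing or forged.
def verify_fields(token)
  return nil unless token.is_a?(String) && token.include?("|")
  names, mac = token.split("|", 2)
  expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), SECRET, names)
  secure_equal?(mac, expected) ? names.split(",") : nil
end

VICTIM_ID   = 1    # constructed: the account whose key list the attacker targets
ATTACKER_ID = 42   # constructed: the logged-in attacker

# Constructed request: the form only has title and key; the attacker adds user_id.
ATTACKER_PARAMS = {
  "title"             => "laptop",
  "key"               => "ssh-rsa AAAAB3... attacker@example",
  "user_id"           => VICTIM_ID,
  "form_fields_token" => sign_fields(%w[title key]),
}.freeze

def vulnerable_create(params, current_user_id)
  PublicKey.new(current_user_id).assign_attributes(params)
end

def model_protected_create(params, current_user_id)
  ProtectedPublicKey.new(current_user_id).assign_attributes(params)
end

def controller_protected_create(params, current_user_id)
  PublicKey.new(current_user_id).assign_attributes(permit(params, :title, :key))
end

def token_protected_create(params, current_user_id)
  fields = verify_fields(params["form_fields_token"]) or raise ArgumentError, "bad form token"
  PublicKey.new(current_user_id).assign_attributes(permit(params, *fields))
end

if __FILE__ == $0
  puts "vulnerable: key now owned by user #{vulnerable_create(ATTACKER_PARAMS, ATTACKER_ID).owner_id}"
  puts "model:      #{model_protected_create(ATTACKER_PARAMS, ATTACKER_ID).owner_id}"
  puts "controller: #{controller_protected_create(ATTACKER_PARAMS, ATTACKER_ID).owner_id}"
  puts "token:      #{token_protected_create(ATTACKER_PARAMS, ATTACKER_ID).owner_id}"
end
```

The vulnerable path writes the attacker's user_id over the owner set by the association, which is exactly how a key ends up on someone else's account. The signed token only proves which fields the form contained; it still needs the controller-side permit call to drop everything else, which is why the two suggestions were framed as layers.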

You may know SimpleForm, the gem that gives you a bunch of additional form helpers. SimpleForm 2.0 was recently released with a bunch of improvements, including a new Wrappers API and out-of-the-box Twitter Bootstrap integration.

When you're building a public API you need to think about things like versioning to keep from pissing off developers. Brian Ploetz recently released Versionist, which supports three versioning strategies and ships a generator that makes it easy to spin up new API versions.

In this episode we do the robo boogie all while discussing REE end of life, preparing your app for Rails 4 & Ruby 1.9, Ruby ORM Initialization slowness, Mutation, spell checking in View Tests, and the release of Rails Testing for Zombies.